cvelistv5 - CVE-2007-1499

CVE-2007-1499 (GCVE-0-2007-1499)

Vulnerability from cvelistv5 – Published: 2007-03-17 10:00 – Updated: 2024-08-07 12:59

Summary

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/22966	vdb-entryx_refsource_BID
	http://securityreason.com/securityalert/2448	third-party-advisoryx_refsource_SREASON
	http://osvdb.org/35352	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/0946	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/25627	third-party-advisoryx_refsource_SECUNIA
	http://aviv.raffon.net/2007/03/14/PhishingUsingIE…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1018235	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/24535	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2153	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	http://news.com.com/2100-1002_3-6167410.html	x_refsource_MISC
	http://www.securityfocus.com/archive/1/462939/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/462945/100…	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/462833/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22966",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22966"
          },
          {
            "name": "2448",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2448"
          },
          {
            "name": "35352",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35352"
          },
          {
            "name": "ADV-2007-0946",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0946"
          },
          {
            "name": "oval:org.mitre.oval:def:1715",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
          },
          {
            "name": "25627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "ie-navcancl-xss(33026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
          },
          {
            "name": "1018235",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "24535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24535"
          },
          {
            "name": "ADV-2007-2153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://news.com.com/2100-1002_3-6167410.html"
          },
          {
            "name": "20070315 Re: Phishing using IE7 local resource vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
          },
          {
            "name": "20070315 RE: Phishing using IE7 local resource vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
          },
          {
            "name": "MS07-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "20070314 Phishing using IE7 local resource vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22966",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22966"
        },
        {
          "name": "2448",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2448"
        },
        {
          "name": "35352",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35352"
        },
        {
          "name": "ADV-2007-0946",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0946"
        },
        {
          "name": "oval:org.mitre.oval:def:1715",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
        },
        {
          "name": "25627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25627"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "ie-navcancl-xss(33026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
        },
        {
          "name": "1018235",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018235"
        },
        {
          "name": "24535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24535"
        },
        {
          "name": "ADV-2007-2153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2153"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://news.com.com/2100-1002_3-6167410.html"
        },
        {
          "name": "20070315 Re: Phishing using IE7 local resource vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
        },
        {
          "name": "20070315 RE: Phishing using IE7 local resource vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
        },
        {
          "name": "MS07-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
        },
        {
          "name": "20070314 Phishing using IE7 local resource vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22966",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22966"
            },
            {
              "name": "2448",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2448"
            },
            {
              "name": "35352",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35352"
            },
            {
              "name": "ADV-2007-0946",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0946"
            },
            {
              "name": "oval:org.mitre.oval:def:1715",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx",
              "refsource": "MISC",
              "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "ie-navcancl-xss(33026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "24535",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24535"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "http://news.com.com/2100-1002_3-6167410.html",
              "refsource": "MISC",
              "url": "http://news.com.com/2100-1002_3-6167410.html"
            },
            {
              "name": "20070315 Re: Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
            },
            {
              "name": "20070315 RE: Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "20070314 Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1499",
    "datePublished": "2007-03-17T10:00:00",
    "dateReserved": "2007-03-17T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*\", \"matchCriteriaId\": \"3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*\", \"matchCriteriaId\": \"3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \\\"Navigation Canceled\\\" page and injects the script into the \\\"Refresh the page\\\" link, aka Navigation Cancel Page Spoofing Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Internet Explorer versi\\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \\\"Navigation Canceled\\\" e inyecta el script hacia el enlace \\\"Refresh the page\\\", tambi\\u00e9n se conoce como \\\"Navigation Cancel Page Spoofing Vulnerability.\\\"\"}]",
      "id": "CVE-2007-1499",
      "lastModified": "2024-11-21T00:28:27.863",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-03-17T10:19:00.000",
      "references": "[{\"url\": \"http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://news.com.com/2100-1002_3-6167410.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/35352\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24535\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2448\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462833/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462939/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462945/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22966\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0946\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33026\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://news.com.com/2100-1002_3-6167410.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/35352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462833/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462939/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/462945/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22966\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0946\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1499\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-17T10:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \\\"Navigation Canceled\\\" page and injects the script into the \\\"Refresh the page\\\" link, aka Navigation Cancel Page Spoofing Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer versi\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \\\"Navigation Canceled\\\" e inyecta el script hacia el enlace \\\"Refresh the page\\\", tambi\u00e9n se conoce como \\\"Navigation Cancel Page Spoofing Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*\",\"matchCriteriaId\":\"3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*\",\"matchCriteriaId\":\"3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8\"}]}]}],\"references\":[{\"url\":\"http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://news.com.com/2100-1002_3-6167410.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/35352\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24535\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2448\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/462833/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/462939/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/462945/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22966\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0946\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33026\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://news.com.com/2100-1002_3-6167410.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/462833/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/462939/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/462945/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. L'exploitation de l'une d'elles permettrait à une personne malveillante de tromper l'utilisateur, voire d'exécuter des commandes arbitraires sur son système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

GSD-2007-1499

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1499

Aliases

CVE-2007-1499

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1499",
    "description": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"",
    "id": "GSD-2007-1499"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1499"
      ],
      "details": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"",
      "id": "GSD-2007-1499",
      "modified": "2023-12-13T01:21:39.267361Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1499",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "22966",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22966"
          },
          {
            "name": "2448",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2448"
          },
          {
            "name": "35352",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35352"
          },
          {
            "name": "ADV-2007-0946",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0946"
          },
          {
            "name": "oval:org.mitre.oval:def:1715",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
          },
          {
            "name": "25627",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx",
            "refsource": "MISC",
            "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "ie-navcancl-xss(33026)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
          },
          {
            "name": "1018235",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "24535",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24535"
          },
          {
            "name": "ADV-2007-2153",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "http://news.com.com/2100-1002_3-6167410.html",
            "refsource": "MISC",
            "url": "http://news.com.com/2100-1002_3-6167410.html"
          },
          {
            "name": "20070315 Re: Phishing using IE7 local resource vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
          },
          {
            "name": "20070315 RE: Phishing using IE7 local resource vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
          },
          {
            "name": "MS07-033",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "20070314 Phishing using IE7 local resource vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1499"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
            },
            {
              "name": "http://news.com.com/2100-1002_3-6167410.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://news.com.com/2100-1002_3-6167410.html"
            },
            {
              "name": "24535",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24535"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "22966",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22966"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "2448",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2448"
            },
            {
              "name": "ADV-2007-0946",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0946"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "35352",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35352"
            },
            {
              "name": "ie-navcancl-xss(33026)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
            },
            {
              "name": "oval:org.mitre.oval:def:1715",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "20070315 RE: Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
            },
            {
              "name": "20070315 Re: Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
            },
            {
              "name": "20070314 Phishing using IE7 local resource vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:38Z",
      "publishedDate": "2007-03-17T10:19Z"
    }
  }
}

FKIE_CVE-2007-1499

Vulnerability from fkie_nvd - Published: 2007-03-17 10:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx	Vendor Advisory
cve@mitre.org	http://news.com.com/2100-1002_3-6167410.html
cve@mitre.org	http://osvdb.org/35352
cve@mitre.org	http://secunia.com/advisories/24535	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/25627	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/2448
cve@mitre.org	http://securitytracker.com/id?1018235
cve@mitre.org	http://www.securityfocus.com/archive/1/462833/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/462939/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/462945/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/471947/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22966
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0946
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2153
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715
af854a3a-2127-422b-91ae-364da2661108	http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://news.com.com/2100-1002_3-6167410.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35352
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24535	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25627	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2448
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018235
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/462833/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/462939/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/462945/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22966
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0946
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2153
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715

Impacted products

Vendor	Product	Version
microsoft	windows_vista	*
microsoft	ie	7.0
microsoft	windows_xp	*
microsoft	ie	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
              "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*",
              "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer versi\u00f3n 7.0 en Windows XP y Vista, permite a los atacantes remotos conducir ataques de phishing y posiblemente ejecutar c\u00f3digo arbitrario por medio de un URI res: en el archivo navcancl.htm con una URL arbitraria como argumento, que muestra la URL en la barra de direcciones de la pagina \"Navigation Canceled\" e inyecta el script hacia el enlace \"Refresh the page\", tambi\u00e9n se conoce como \"Navigation Cancel Page Spoofing Vulnerability.\""
    }
  ],
  "id": "CVE-2007-1499",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-17T10:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.com.com/2100-1002_3-6167410.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35352"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22966"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.com.com/2100-1002_3-6167410.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CJH8-4RC2-Q72F

Vulnerability from github – Published: 2022-05-01 17:54 – Updated: 2022-05-01 17:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-17T10:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the \"Navigation Canceled\" page and injects the script into the \"Refresh the page\" link, aka Navigation Cancel Page Spoofing Vulnerability.\"",
  "id": "GHSA-cjh8-4rc2-q72f",
  "modified": "2022-05-01T17:54:14Z",
  "published": "2022-05-01T17:54:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1499"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33026"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715"
    },
    {
      "type": "WEB",
      "url": "http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx"
    },
    {
      "type": "WEB",
      "url": "http://news.com.com/2100-1002_3-6167410.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35352"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24535"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2448"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/462833/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/462939/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/462945/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22966"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0946"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1499 (GCVE-0-2007-1499)

CERTA-2007-AVI-263

Description

Solution

CERTA-2007-AVI-263

Description

Solution

GSD-2007-1499

FKIE_CVE-2007-1499

GHSA-CJH8-4RC2-Q72F

Tags

Sightings

Nomenclature